3.
Audience Poll
What is your primary role at your company?
• Technologist, CTO
• IT Operation, CIO
• Finance, CFO
• Audit, CFO
• Security & Compliance, CISO, CCO
• Business Services, Executive
• Consultant, Entrepreneur
• Government, Nonprofit Org
What is your level of experience with Agile Development?
What is your level of experience with DevOps?
What is your level of experience with Cloud environment?
What is your level of experience with Big Data environment?
• Evaluating
• 1-3 years
• 3-5 years
• 5+ years

7.
The IT Industry Paradigm is Shifting…
Microservices: A software architecture style in which complex applications are composed of small, independent processes communicating with each other using language-agnostic APIs. These services are small, highly decoupled and focus on doing a small task.
Containerization: Horizontal segmentation
Docker Container: The Docker Engine container needs just the application and its dependencies. It runs as an isolated process in userspace on the host OS, sharing the kernel with other containers. Thus, it enjoys the resource isolation & allocation benefits of VMs but is much more portable & efficient.
Diagram (containers): App A and App B, each with its own Bins / Libs, on Docker Engine, on Host OS, on Server.
Kubernetes: Open source orchestration system (container cluster manager) for Docker containers. It handles scheduling onto nodes in a compute cluster and actively manages workloads to ensure that their state matches the user's declared intentions. Runs on Public Cloud, Private Cloud, and Bare Metal.
Virtualization: Vertical abstraction
Each virtualized application includes the application, the required binaries & libraries, and a Guest OS. The application may be on the order of 10s of MB; however, the Guest OS may be on the order of 10s of GB.
Diagram (Type 2 Hypervisor): App A and App B, each with its own Bins / Libs and Guest OS, on Hypervisor, on Host OS, on Server.
Diagram (Type 1 Hypervisor): App A and App B, each with its own Bins / Libs and Guest OS, on Hypervisor, on Server.
Microservices by James Lewis and Martin Fowler URL: http://martinfowler.com/articles/microservices.html
Containers & VMs Michael Daconta URL: http://www.quora.com/How-is-containerization-different-from-virtualization

8.
The IT Industry Paradigm is Shifting…
Continuous Delivery (CD): A software engineering approach in which teams keep producing valuable software in short cycles and ensure that the software can be reliably released at any time. It is used in software development to automate and improve the process of software delivery.
API Management: The process of publishing, promoting and overseeing application programming interfaces (APIs) in a secure, scalable environment. It also includes the creation of end user support resources that define and document the API.
Continuous Integration (CI): A development practice that requires developers to integrate code into a shared repository several times a day. Each check-in is then verified by an automated build, allowing teams to detect problems early.
Continuous Deployment (CD): The deployment or release of code to Production as soon as it is ready. There is no large batching in Staging nor long UAT process that is directly before Production. Testing is done prior to merging to the Mainline branch and is performed on Production-like environments.

9.
The IT Industry Paradigm is Shifting…
Cloud Foundry: Open source cloud computing platform as a service (PaaS) originally developed by VMware and now owned by Pivotal Software, a joint venture by EMC, VMware and General Electric. The Cloud Foundry is primarily written in Ruby and Go.
Comes in 3 flavors:
• Cloud Foundry Open Source Software (OSS)
• Pivotal Cloud Foundry (Pivotal CF)
• Pivotal Web Services (PWS)
DataGravity: Data gravity is an analogy of the nature of data and its ability to attract additional applications and services. The Law of Gravity states that the attraction between objects is directly proportional to their weight (or mass). Dave McCrory coined the term data gravity to describe the phenomenon in which the number or quantity and the speed at which services, applications, and even customers are attracted to data increases as the mass of the data also increases.
Cloud Foundry URL: http://www.cloudfoundry.org/index.html
DataGravity URL: http://datagravity.com/

11.
DevOps
What is DevOps?
DevOps is the practice of operations and development engineers participating together in the entire service lifecycle, from design through the development process to production support.
DevOps is a software development method that stresses communication, collaboration, integration, automation, and measurement of cooperation between software developers and other IT professionals.
URL: http://theagileadmin.com/what-is-devops/
URL: http://en.wikipedia.org/wiki/DevOps
DevOps Composition (diagram): Development (Software Engineering); Quality Assurance (QA); IT Operations; DevOps
DevOps Motivation (diagram):
• IT Operations: “Be predictable – minimize risk”
• Development: “Be more agile - deliver faster”
• Features & code changes
• Agile Development
• DevOps: Quality, Automation, Collaboration, Feedback loop, Faster Release, Smaller Packages
• Bring Applications to Customers Faster

13.
What is different in DevOps…
Release and Change Management:
URL: https://www.chef.io/solutions/continuous-delivery/
Incident Management: DevOps primarily changes who gets involved in Incident Mgmt, at which stage, and what their stake is in the process. An even bigger impact may be achieved by ensuring there’s the right culture and mindset that puts customers, service, reliability, and quick mean time to repair (MTTR) at the center of the approach.
Event Management Monitoring & Logging: The key difference is that the complexity, scale, and speed in DevOps make it imperative to focus on Internet Scale vs. Enterprise Scale solutions.
Adapted from Torsten Rueter at URL: https://www.linkedin.com/pulse/devops-itil-match-made-heaven-hell-part-1-torsten-rueter

21.
Cloud Actors
• Cloud Consumer: Person or organization that maintains a business relationship with, and uses service from, Cloud Providers.
• Cloud Provider: Person, organization or entity responsible for making a service available to Cloud Consumers.
• Cloud Auditor: A party that can conduct independent assessment of cloud services, information system operations, performance and security of the cloud implementation.
• Cloud Broker: An entity that manages the use, performance and delivery of cloud services, and negotiates relationships between Cloud Providers and Cloud Consumers.
• Cloud Carrier: The intermediary that provides connectivity and transport of cloud services from Cloud Providers to Cloud Consumers.

43.
Example: 7 essential W’s auditing and monitoring
Distributed Management Task Force (DMTF) Cloud Auditing Data Federation (CADF)
CADF Event Model and its components
• Works for any Activity, Monitoring or Control event
• Provides guidance on how to record Basic, Detailed or Precise information for each component
CADF Event Model: Basic and conditional model components
Legend: Italics are optional properties
1. What
What activity occurred? What was the result?
event.action
event.outcome
event.type (activity, monitoring, control)
event.reason (ex: security, reason code, policy id)
2. When
When did the action happen? When was it observed? How long did it take? ISO 8601 transactions Timestamp
event.eventTime
reporter.timestamp, event.duration
3. Who
Who (user/service) initiated the Action?
initiator.id; initiator.type
initiator.id (id, name)
initiator.credential
initiator.credential.assertions
4. Where
Where was the Action observed, reported or modified? What role does the event serve? How was it recorded?
observer.id, observer.type
reporterstep.role, reporterstep.reporterTime
5. On What
On What resource did the Activity Target?
target.id
6. FromWhere
From Where was the Action initiated?
May include
• logical/physical addresses
• ISO-6709-2008, precise geolocations
initiator.addresses, initiator.host, initiator.geolocation
7. ToWhere
To Where was the Action Targeted?
Can be as simple as an IP address or server name.
target.addresses, target.host, target.geolocation
Source: http://dmtf.org/sites/default/files/standards/documents/DSP2038_1.0.0.pdf
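An added example (not from the slides or the DMTF specification) that checks whether an audit record answers each of the seven W's, using the property names listed on this slide. The nested-dict layout mirroring the dotted names, the sample records, and the requirement that event.eventTime carry a UTC offset are assumptions of this example.

```python
from datetime import datetime

# Property paths as the slide lists them, grouped by the W they answer.
SEVEN_WS = {
    "What": ["event.action", "event.outcome", "event.type", "event.reason"],
    "When": ["event.eventTime", "reporter.timestamp", "event.duration"],
    "Who": ["initiator.id", "initiator.type", "initiator.credential"],
    "Where": ["observer.id", "observer.type",
              "reporterstep.role", "reporterstep.reporterTime"],
    "OnWhat": ["target.id"],
    "FromWhere": ["initiator.addresses", "initiator.host", "initiator.geolocation"],
    "ToWhere": ["target.addresses", "target.host", "target.geolocation"],
}

def lookup(record, path):
    """Follow a dotted path through nested dicts; None if absent or empty."""
    node = record
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node if node not in ("", [], {}) else None

def coverage(record):
    """Map each W to the listed properties that are actually populated."""
    return {w: [p for p in paths if lookup(record, p) is not None]
            for w, paths in SEVEN_WS.items()}

def unanswered(record):
    """Ws for which the record carries none of the listed properties."""
    return [w for w, found in coverage(record).items() if not found]

def event_time_ok(record):
    """event.eventTime must parse as ISO 8601 and include a UTC offset
    (assumed here so events from different reporters can be ordered)."""
    raw = lookup(record, "event.eventTime")
    if not isinstance(raw, str):
        return False
    try:
        parsed = datetime.fromisoformat(raw.replace("Z", "+00:00"))
    except ValueError:
        return False
    return parsed.tzinfo is not None

# Constructed sample records (hypothetical values, assumed layout).
COMPLETE = {
    "event": {"action": "read", "outcome": "success", "type": "activity",
              "eventTime": "2015-06-01T12:34:56+00:00"},
    "initiator": {"id": "user-1234", "type": "user", "host": "10.0.0.5"},
    "observer": {"id": "api-gw-1", "type": "service"},
    "target": {"id": "bucket-42", "host": "storage.example.internal"},
}
PARTIAL = {
    "event": {"action": "delete", "outcome": "", "eventTime": "2015-06-01 12:34:56"},
    "initiator": {"id": "user-1234"},
    "observer": {"id": "api-gw-1"},
}
```

Running `unanswered()` over a log pipeline's output shows which of the seven questions an auditor could not answer from the records alone; `PARTIAL` also fails `event_time_ok()` because its timestamp has no offset.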

44.
Challenges & Opportunities in Cloud Management
• Transparency is Crucial
• Regulations can’t keep up
• Need for continuous real-time security audits & monitoring
• Bridge the gaps between the academic world innovations and the business world
• Security requires a Big Picture approach
• BYOD brings additional challenges
• Bare-metal security features are not available in virtual world
• Accidental key sharing in appliances
• Leave security implementations to the experts
• Data partitioning for hybrid clouds
• Do consumers care? i.e. willing to pay
• Products can end up being used in industries they aren't designed for
• Security guarantees are impossible to "prove"
Source John Wetherill URL: http://www.activestate.com/blog/2015/02/locking-down-cloud-18-security-issues-faced-enterprise-it
Source URL: http://www.infosectoday.com/Articles/Cloud_Security_Challenges.htm

45.
Challenges & Opportunities in Cloud Management
• Containers and portable VM snapshots are too portable
• Encryption efforts are vulnerable if physical access to a machine is available
• Controlling physical access to the data center is not enough
• Privacy and security are at odds
• Lack of control over assets and physical security
• Integration and Interoperability of systems / API Management
• Who controls the encryption/decryption keys for data in store & in transit?
• Lack of standard for data integrity
• Virtual machines / Containers transition between Private to Public to Hybrid environments
• Establishment and Management of Service Level Agreements (SLA)
• Usage based Costing, Invoicing & Chargeback
• Data migration in and out of the Cloud Service Provider
• Plan for an exit strategy from the beginning
Source John Wetherill URL: http://www.activestate.com/blog/2015/02/locking-down-cloud-18-security-issues-faced-enterprise-it
Source URL: http://www.infosectoday.com/Articles/Cloud_Security_Challenges.htm

48.
Conclusion
• Migration to Cloud will continue due to the efficiencies and economics.
• Cloud is all about services and service delivery.
• The Cloud is only worth the services it delivers securely.
• Cloud is all about a hybrid world.
• Security, Risk Management & Audit practices are at the center for Agile, DevOps, and Cloud Management transformation.

52.
DevOps & Cloud: Key is Automated Provisioning
Fully automated provisioning: the ability to deploy, update, and repair application infrastructure using only pre-defined automated procedures.
Criteria for achieving fully automated provisioning:
• Be able to automatically provision an entire environment — from “bare-metal” to running business services — completely from specification
• No direct management of individual boxes
• Be able to revert to a “previously known good” state at any time
• It’s easier to re-provision than it is to repair
• Anyone on your team with minimal domain specific knowledge can deploy or update an environment